To get started with fuzzing the Firefox codebase it seems worth trying to get our own patches under scrutiny first. Firefox itself is regularly fuzzed by an own, specialized team targeting different components (like the JS engines).

I got domfuzz running locally and started fuzzing our code using ASan builds (see: #21998 and #24478). There are some challenges we might want to consider, though, to make this a smoother and more successful experience:

1) We are using ESR 52 and git and the fuzzing code is expecting mozilla-central and a mercurial repo. We can work around that but might benefit from the idea to at least rebase our patches to mozilla-central regularly (see: ​https://lists.torproject.org/pipermail/tbb-dev/2017-November/000669.html) and use that. That might as help with the plan to discover issues in the Firefox codebase itself.

2) Doing fuzzing on local computer does not scale and does not give good results. Thus, we need to get dedicated machines for that thinking about budget etc. I asked Mozilla if we could share resources somehow but they declined for good reasons. But they are willing to help us to duplicate their infrastructure or at least to get their tools running for us.

3) There is currently no process established to get the feedback from the fuzzing efforts back into the development cycle (like ticket creation, ticket assignments and working on them).